I know how to get the DN from the command line:
adquery user -D "$(hostname -s)"
However, I want to get the DN into an adedit script. If I can select_object {DN here}, then I can do the other things I need to do.
I just don't know how to get the DN directly in adedit.
According to the adquery man page (part of the Centrify Suite):
The adquery command is provided for backward compatibility to enable you to query Active Directory for information about users and groups from the command line on a Centrify-managed computer. You can use this command to query information for classic or hierarchical zones. In most cases, however, you should use adedit commands or scripts to query Active Directory for information in hierarchical zones.
However, there is no clear documentation I can find on how to translate adquery commands into native calls within adedit.
For example:
adquery user `hostname -s` --dump
This gives a list of all the raw attributes and values for the user that is the computer I'm running the command on. Using the --attribute flag, I can return just one attribute.
With adedit, after I've run select_object THE_DN, I can get other fields such as "description" by running get_object_field description. But, how to get the DN in the first place?
I've found the adedit programmer's guide, but can't find what I need in there despite extensive digging and experimentation.
Until I get a better approach, I am running:
adedit myscript "$(adquery user -D "$(hostname -s)")"
And then in the script:
if { $argc != 1 } {
    puts "format: $argv0 hostDN"
    exit 1
}
set the_dn [lindex $argv 0]
bind ... (credentials here)
select_object $the_dn
(Note: adedit is built on Tcl, so I've tagged this question Tcl as well as Active Directory. I don't have the reputation to create a Centrify tag.)
I don't have any Centrify hosts to test with at the moment. But I'm guessing what you're looking for is a combination of get_adinfo host and get_objects.
get_adinfo host will give you the current host's info or at least a computer name (memory hazy). get_objects is more of a generic LDAP query command that takes typical LDAP parameters like depth, base (DN), and filter.
So once you have the computer name, you can use get_objects to query the DN something like this.
Again, totally untested. But I'm pretty sure this should get you going in the right direction.
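One way to write the lookup this answer describes, added here as an example and not part of the original answer or of Centrify's documentation. It assumes the adedit session is already bound as in the question's script, that get_adinfo host returns the computer name (possibly fully qualified), and that get_objects and dn_from_domain accept the arguments shown; ldap_escape and local_host_dn are hypothetical helper names.

```tcl
# Added example. Run inside adedit after the bind step from the question's script.
# The adedit command forms used here are assumptions; confirm them against
# the adedit reference for your Centrify release before relying on this.

# Escape a value for use inside an LDAP search filter (RFC 4515), so that
# a name containing * ( ) or \ cannot change the meaning of the filter.
proc ldap_escape {value} {
    return [string map [list \\ {\5c} * {\2a} ( {\28} ) {\29} \x00 {\00}] $value]
}

# Return the DN of the local computer object.
# Raises an error unless exactly one object matches, so the script never
# selects and then modifies the wrong object.
proc local_host_dn {} {
    # Assumed: returns the joined computer's name, short or fully qualified.
    set host  [get_adinfo host]
    set short [lindex [split $host .] 0]

    # Assumed: dn_from_domain turns example.com into dc=example,dc=com.
    set base  [dn_from_domain [get_adinfo domain]]

    # Computer accounts carry a trailing "$" in sAMAccountName.
    # Caveat: names longer than 15 characters are truncated in that attribute,
    # in which case the search returns nothing and the check below fires.
    set filter "(&(objectClass=computer)(sAMAccountName=[ldap_escape $short]\$))"

    # Assumed: get_objects returns a Tcl list of matching DNs.
    set dns [get_objects -depth sub $base $filter]
    if {[llength $dns] != 1} {
        error "expected 1 computer object for $short, found [llength $dns]"
    }
    return [lindex $dns 0]
}

select_object [local_host_dn]
puts [get_object_field description]
```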